Forum Discussion

Nimbostratus

Dec 04, 2015

Solved

ASM - Block GET requests on a specific URL

Hello, I'm trying hard to block GET request on a specific URL with the ASM module. This URL has to allow only POST request and I saw that GET / POST request are allowed by default in the methods...

ASM Advanced WAF

BIG-IP

security

Hannes_Rapp_162
Dec 07, 2015
1 - Creating a new User-defined ASM violation

Security > Options > Application Security > Advanced Configuration > Violations List > User Defined Violations (tab); Select "Create New User-Defined Violation"

Sample Field Values (adjust as needed): Name "VIOLATION_FORBIDDEN_GET_PATH" Title "GET Request to a restricted path" Type "Access Violation" Severity "Alert" Attack Type "Abuse of Functionality" Description (leave empty)

2 - Go to Blocking Settings

Select Block for your new custom violation (or Alarm, if you want to transparently test)

3 - Creating an iRule

The sample below covers the most simple use-case, a single path. In case of 10 or more paths, using a LTM data group entry match, or a switch statement would be a better option.

when HTTP_REQUEST { set reqBlock 0 if {([HTTP::method] equals "GET") and ([string tolower [HTTP::path]] equals "/mypath/index.aspx")}{ set reqBlock 1 } } when ASM_REQUEST_DONE { if { $reqBlock == 1} { ASM::raise VIOLATION_FORBIDDEN_GET_PATH } }

Hannes_Rapp

Nimbostratus

Dec 07, 2015

1 - Creating a new User-defined ASM violation

Security > Options > Application Security > Advanced Configuration > Violations List > User Defined Violations (tab); Select "Create New User-Defined Violation"

Sample Field Values (adjust as needed):
Name "VIOLATION_FORBIDDEN_GET_PATH"
Title "GET Request to a restricted path"
Type "Access Violation"
Severity "Alert"
Attack Type "Abuse of Functionality"
Description (leave empty)

2 - Go to Blocking Settings

Select Block for your new custom violation (or Alarm, if you want to transparently test)

3 - Creating an iRule

The sample below covers the most simple use-case, a single path. In case of 10 or more paths, using a LTM data group entry match, or a switch statement would be a better option.

when HTTP_REQUEST {
  set reqBlock 0
  if {([HTTP::method] equals "GET") and ([string tolower [HTTP::path]] equals "/mypath/index.aspx")}{
    set reqBlock 1
  }
}
when ASM_REQUEST_DONE {

  if { $reqBlock == 1} {
    ASM::raise VIOLATION_FORBIDDEN_GET_PATH
  }
}

Hannes_Rapp

Nimbostratus

Dec 10, 2015

Worth a try, but I'd expect a TCL error to occur. At least in case of 11.3, this was not possible. Perhaps a newer version already supports common HTTP_REQUEST functions to be called in ASM_REQUEST_DONE event.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

ASM - Block GET requests on a specific URL

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

Connection Rest f5

Kubernetes cert-manager + LetsEncrypt + F5

The GSLB pool is providing an incorrect IP to end users

Unable to ping from some self ip on Velos

Not seeing the latest F5OS-A when running Journeys

Related Content

Block requests by reverse DNS record

Service Extensions with SSL Orchestrator: Advanced Blocking Pages

Block Referral Requests

Post of the Week: Blocking a Specific URI

HTTP Request Smuggling Using Chunk Extensions (CVE-2025-55315)

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS